[Help] Unpacked successfully, but I can't find the location to modify; please take a look
Here is the code. But changing here doesn't seem to work either: after the change, whether the password is right or wrong, there is no prompt at all and the script doesn't open.

00449B30 8B86 5C010000    mov eax, dword ptr [esi+15C]
00449B36 53               push ebx
00449B37 53               push ebx
00449B38 68 B1000000      push 0B1
00449B3D 50               push eax
00449B3E FFD5             call ebp
00449B40 8B8E 5C010000    mov ecx, dword ptr [esi+15C]
00449B46 53               push ebx
00449B47 53               push ebx
00449B48 68 B7000000      push 0B7
00449B4D 51               push ecx
00449B4E FFD5             call ebp
00449B50 8D4C24 18        lea ecx, dword ptr [esp+18]
00449B54 E8 87DAFBFF      call 004075E0
00449B59 8B4424 14        mov eax, dword ptr [esp+14]
00449B5D 83C0 F0          add eax, -10
00449B60 C68424 D4020000> mov byte ptr [esp+2D4], 2
00449B68 8D50 0C          lea edx, dword ptr [eax+C]
00449B6B 83C9 FF          or ecx, FFFFFFFF
00449B6E F0:0FC10A        lock xadd dword ptr [edx], ecx
00449B72 49               dec ecx
00449B73 85C9             test ecx, ecx
00449B75 7F 08            jg short 00449B7F
00449B77 8B08             mov ecx, dword ptr [eax]
00449B79 8B11             mov edx, dword ptr [ecx]
00449B7B 50               push eax
00449B7C FF52 04          call dword ptr [edx+4]
00449B7F 8B4424 10        mov eax, dword ptr [esp+10]
00449B83 83C0 F0          add eax, -10
00449B86 C68424 D4020000> mov byte ptr [esp+2D4], 1
00449B8E 8D48 0C          lea ecx, dword ptr [eax+C]
00449B91 83CA FF          or edx, FFFFFFFF
00449B94 F0:0FC111        lock xadd dword ptr [ecx], edx
00449B98 4A               dec edx
00449B99 85D2             test edx, edx
00449B9B 7F 08            jg short 00449BA5
00449B9D 8B08             mov ecx, dword ptr [eax]
00449B9F 8B11             mov edx, dword ptr [ecx]
00449BA1 50               push eax
00449BA2 FF52 04          call dword ptr [edx+4]
00449BA5 8D4C24 28        lea ecx, dword ptr [esp+28]
00449BA9 889C24 D4020000  mov byte ptr [esp+2D4], bl
00449BB0 E8 5BF1FCFF      call 00418D10
00449BB5 8B86 5C010000    mov eax, dword ptr [esi+15C]
00449BBB 50               push eax
00449BBC FF15 10C34500    call dword ptr [<&user32.SetFocus>]     ; USER32.SetFocus
00449BC2 8B4424 64        mov eax, dword ptr [esp+64]
00449BC6 3BC3             cmp eax, ebx
00449BC8 74 0F            je short 00449BD9
00449BCA 50               push eax
00449BCB 53               push ebx
00449BCC FF15 F4C14500    call dword ptr [<&kernel32.GetProcess>  ; kernel32.GetProcessHeap
00449BD2 50               push eax
00449BD3 FF15 F8C14500    call dword ptr [<&kernel32.HeapFree>]   ; ntdll.RtlFreeHeap
00449BD9 8B8C24 CC020000  mov ecx, dword ptr [esp+2CC]
00449BE0 5F               pop edi
00449BE1 33C0             xor eax, eax
00449BE3 64:890D 0000000> mov dword ptr fs:[0], ecx
00449BEA 5E               pop esi
00449BEB 5D               pop ebp
00449BEC 5B               pop ebx
00449BED 8BE5             mov esp, ebp
00449BEF 5D               pop ebp
00449BF0 C2 1000          retn 10
00449BF3 68 57000780      push 80070057
00449BF8 E8 C38BFBFF      call 004027C0
[Help] Unpacked successfully, but I can't find the location to modify; please take a look
Thanks to the guy above. I modified that spot, but the result was still wrong. I analyzed it again and it seems to be 00449A3A 75 4E jnz short 00449A8A, so I changed the jnz to je. But after changing this it still doesn't behave normally: after the change, entering a wrong password no longer shows "Wrong password, you are not authorized to open the script", but the script still won't open normally, and entering the correct password shows "Wrong password".
Normal behaviour looks like this:
The wrong-password prompt (that is, the prompt shown for the correct password after changing jnz to je):
The main point is that with the correct password the script opens without any prompt; there is only a prompt when the password is wrong. Please help me check whether there is still somewhere I haven't changed correctly. I've been studying this for days; please help me out.
[Help] Unpacked successfully, but I can't find the location to modify; please take a look
Yes, the official side is gone now and STW isn't updating anymore either. The scripts should be made public; otherwise all those people playing on SF (private servers) have no scripts..........
[Help] A question about an MFC program
Here is a section of code I copied after unpacking the program and opening it in OD (OllyDbg):

00449812 55               push ebp
00449813 33DB             xor ebx, ebx
00449815 56               push esi
00449816 8BF1             mov esi, ecx
00449818 8B56 04          mov edx, dword ptr [esi+4]
0044981B 57               push edi
0044981C 33C0             xor eax, eax
0044981E B9 13000000      mov ecx, 13
00449823 8D7C24 70        lea edi, dword ptr [esp+70]
00449827 895C24 54        mov dword ptr [esp+54], ebx
0044982B 895C24 64        mov dword ptr [esp+64], ebx
0044982F 895C24 68        mov dword ptr [esp+68], ebx
00449833 895C24 6C        mov dword ptr [esp+6C], ebx
00449837 F3:AB            rep stos dword ptr es:[edi]
00449839 8D8424 C0010000  lea eax, dword ptr [esp+1C0]
00449840 898424 8C000000  mov dword ptr [esp+8C], eax
00449847 A1 70224A00      mov eax, dword ptr [4A2270]
0044984C 8D8C24 C0000000  lea ecx, dword ptr [esp+C0]
00449853 889C24 C0010000  mov byte ptr [esp+1C0], bl
0044985A 889C24 C0000000  mov byte ptr [esp+C0], bl
00449861 C78424 BC000000> mov dword ptr [esp+BC], 1
0044986C C74424 70 4C000> mov dword ptr [esp+70], 4C
00449874 C78424 90000000> mov dword ptr [esp+90], 104
0044987F C78424 AC000000> mov dword ptr [esp+AC], 00460830        ; *.sec
0044988A 898C24 94000000  mov dword ptr [esp+94], ecx
00449891 C78424 98000000> mov dword ptr [esp+98], 100
0044989C C78424 A4000000> mov dword ptr [esp+A4], 880820
004498A7 C74424 7C 38084> mov dword ptr [esp+7C], 00460838        ; Script file (*.sec)
004498AF 894424 78        mov dword ptr [esp+78], eax
004498B3 C78424 B4000000> mov dword ptr [esp+B4], 0040E780
004498BE 895424 74        mov dword ptr [esp+74], edx
004498C2 C74424 50 1CDF4> mov dword ptr [esp+50], 0045DF1C
004498CA 8B3D ECC34500    mov edi, dword ptr [<&user32.GetActi>   ; USER32.GetActiveWindow
004498D0 899C24 D4020000  mov dword ptr [esp+2D4], ebx
004498D7 C78424 A0000000> mov dword ptr [esp+A0], 004608CC        ; Open script file
004498E2 FFD7             call edi
004498E4 50               push eax
004498E5 8D4C24 54        lea ecx, dword ptr [esp+54]
004498E9 E8 82F4FCFF      call 00418D70
004498EE 83F8 01          cmp eax, 1
004498F1 0F85 BE020000    jnz 00449BB5
004498F7 68 B0084600      push 004608B0                            ; Please enter the password for opening the script
004498FC 8D4C24 2C        lea ecx, dword ptr [esp+2C]
00449900 E8 0BDCFFFF      call 00447510
00449905 C68424 D4020000> mov byte ptr [esp+2D4], 1
0044990D FFD7             call edi
0044990F 8D4C24 28        lea ecx, dword ptr [esp+28]
00449913 51               push ecx
00449914 8D5424 34        lea edx, dword ptr [esp+34]
00449918 52               push edx
00449919 68 10254900      push 00492510
0044991E 8BF8             mov edi, eax
00449920 E8 3B4CFCFF      call 0040E560
00449925 A1 70224A00      mov eax, dword ptr [4A2270]
0044992A 53               push ebx
0044992B 68 80E74000      push 0040E780
00449930 57               push edi
00449931 6A 68            push 68
00449933 50               push eax
00449934 FF15 E8C34500    call dword ptr [<&user32.DialogBoxPar>  ; USER32.DialogBoxParamA
0044993A 83F8 01          cmp eax, 1
0044993D 0F85 62020000    jnz 00449BA5
00449943 8B4C24 4C        mov ecx, dword ptr [esp+4C]
00449947 68 4CC54500      push 0045C54C
0044994C 51               push ecx
0044994D E8 F0380000      call 0044D242
00449952 83C4 08          add esp, 8
00449955 85C0             test eax, eax
00449957 0F84 48020000    je 00449BA5
0044995D 8D9424 C0010000  lea edx, dword ptr [esp+1C0]
00449964 52               push edx
00449965 8D4C24 14        lea ecx, dword ptr [esp+14]
00449969 E8 A2DCFBFF      call 00407610
0044996E A1 B0224A00      mov eax, dword ptr [4A22B0]
00449973 B9 B0224A00      mov ecx, 004A22B0
00449978 C68424 D4020000> mov byte ptr [esp+2D4], 2
00449980 FF50 0C          call dword ptr [eax+C]
00449983 8D78 10          lea edi, dword ptr [eax+10]
00449986 897C24 14        mov dword ptr [esp+14], edi
0044998A 895C24 18        mov dword ptr [esp+18], ebx
0044998E 895C24 1C        mov dword ptr [esp+1C], ebx
00449992 895C24 20        mov dword ptr [esp+20], ebx
00449996 895C24 24        mov dword ptr [esp+24], ebx
0044999A 8B5424 4C        mov edx, dword ptr [esp+4C]
0044999E 8B4424 10        mov eax, dword ptr [esp+10]
004499A2 8D4C24 18        lea ecx, dword ptr [esp+18]
004499A6 51               push ecx
004499A7 52               push edx
004499A8 50               push eax
004499A9 8BCE             mov ecx, esi
004499AB C68424 E0020000> mov byte ptr [esp+2E0], 4
004499B3 E8 18FCFFFF      call 004495D0
004499B8 3BC3             cmp eax, ebx
004499BA 75 7B            jnz short 00449A37
004499BC 8B4E 04          mov ecx, dword ptr [esi+4]
004499BF 53               push ebx
004499C0 68 A4E14500      push 0045E1A4                            ; Script error
004499C5 68 98084600      push 00460898                            ; The file you opened is not a .sec script
004499CA 51               push ecx
004499CB FF15 80C34500    call dword ptr [<&user32.MessageBoxA>]  ; USER32.MessageBoxA
004499D1 8D4C24 18        lea ecx, dword ptr [esp+18]
004499D5 E8 06DCFBFF      call 004075E0
004499DA 8D47 F0          lea eax, dword ptr [edi-10]
004499DD C68424 D4020000> mov byte ptr [esp+2D4], 2
004499E5 8D50 0C          lea edx, dword ptr [eax+C]
004499E8 83C9 FF          or ecx, FFFFFFFF
004499EB F0:0FC10A        lock xadd dword ptr [edx], ecx
004499EF 49               dec ecx
004499F0 85C9             test ecx, ecx
004499F2 7F 08            jg short 004499FC
004499F4 8B08             mov ecx, dword ptr [eax]
004499F6 8B11             mov edx, dword ptr [ecx]
004499F8 50               push eax
004499F9 FF52 04          call dword ptr [edx+4]
004499FC 8B4424 10        mov eax, dword ptr [esp+10]
00449A00 83C0 F0          add eax, -10
00449A03 C68424 D4020000> mov byte ptr [esp+2D4], 1
00449A0B 8D48 0C          lea ecx, dword ptr [eax+C]
00449A0E 83CA FF          or edx, FFFFFFFF
00449A11 F0:0FC111        lock xadd dword ptr [ecx], edx
00449A15 4A               dec edx
00449A16 85D2             test edx, edx
00449A18 7F 08            jg short 00449A22
00449A1A 8B08             mov ecx, dword ptr [eax]
00449A1C 8B11             mov edx, dword ptr [ecx]
00449A1E 50               push eax
00449A1F FF52 04          call dword ptr [edx+4]
00449A22 8D4C24 28        lea ecx, dword ptr [esp+28]
00449A26 889C24 D4020000  mov byte ptr [esp+2D4], bl
00449A2D E8 DEF2FCFF      call 00418D10
00449A32 E9 8B010000      jmp 00449BC2
00449A37 83F8 03          cmp eax, 3
00449A3A 75 4E            jnz short 00449A8A
00449A3C 8B46 04          mov eax, dword ptr [esi+4]
00449A3F 53               push ebx
00449A40 68 8C084600      push 0046088C                            ; Wrong password
00449A45 68 6C084600      push 0046086C                            ; Wrong password, you are not authorized to open this script
00449A4A 50               push eax
00449A4B FF15 80C34500    call dword ptr [<&user32.MessageBoxA>]  ; USER32.MessageBoxA
00449A51 8D4C24 18        lea ecx, dword ptr [esp+18]
00449A55 E8 86DBFBFF      call 004075E0
00449A5A 8D4C24 14        lea ecx, dword ptr [esp+14]
00449A5E E8 0D92FBFF      call 00402C70
00449A63 8D4C24 10        lea ecx, dword ptr [esp+10]
00449A67 E8 0492FBFF      call 00402C70
00449A6C 8D4C24 28        lea ecx, dword ptr [esp+28]
00449A70 889C24 D4020000  mov byte ptr [esp+2D4], bl
00449A77 E8 94F2FCFF      call 00418D10
00449A7C 8D4C24 50        lea ecx, dword ptr [esp+50]
00449A80 E8 7BE9FDFF      call 00428400
00449A85 E9 4F010000      jmp 00449BD9
00449A8A 8D8C24 C0010000  lea ecx, dword ptr [esp+1C0]
00449A91 51               push ecx
00449A92 8D4C24 18        lea ecx, dword ptr [esp+18]
00449A96 E8 C594FBFF      call 00402F60
00449A9B 8B5424 14        mov edx, dword ptr [esp+14]
00449A9F 8B46 04          mov eax, dword ptr [esi+4]
00449AA2 52               push edx
00449AA3 68 BD040000      push 4BD
00449AA8 50               push eax
00449AA9 FF15 7CC34500    call dword ptr [<&user32.SetDlgItemTe>  ; USER32.SetDlgItemTextA
00449AAF 8B8E 5C010000    mov ecx, dword ptr [esi+15C]
00449AB5 68 4CC54500      push 0045C54C
00449ABA 51               push ecx
00449ABB FF15 B8C34500    call dword ptr [<&user32.SetWindowTex>  ; USER32.SetWindowTextA
00449AC1 8B96 5C010000    mov edx, dword ptr [esi+15C]
00449AC7 8B2D 38C34500    mov ebp, dword ptr [<&user32.SendMes>   ; USER32.SendMessageA
00449ACD 53               push ebx
00449ACE 53               push ebx
00449ACF 68 B1000000      push 0B1
00449AD4 52               push edx
00449AD5 FFD5             call ebp
00449AD7 8B86 5C010000    mov eax, dword ptr [esi+15C]
00449ADD 53               push ebx
00449ADE 53               push ebx
00449ADF 68 B7000000      push 0B7
00449AE4 50               push eax
00449AE5 FFD5             call ebp
00449AE7 8B4424 1C        mov eax, dword ptr [esp+1C]
00449AEB 33FF             xor edi, edi
00449AED 3BC3             cmp eax, ebx
00449AEF 76 3F            jbe short 00449B30
00449AF1 3BF8             cmp edi, eax
00449AF3 0F83 FA000000    jnb 00449BF3
00449AF9 8B4C24 18        mov ecx, dword ptr [esp+18]
00449AFD 8B14B9           mov edx, dword ptr [ecx+edi*4]
00449B00 52               push edx
00449B01 8D4424 14        lea eax, dword ptr [esp+14]
00449B05 68 64084600      push 00460864                            ; %s\n\n
00449B0A 50               push eax
00449B0B E8 C099FCFF      call 004134D0
00449B10 8B4C24 1C        mov ecx, dword ptr [esp+1C]
00449B14 8B96 5C010000    mov edx, dword ptr [esi+15C]
00449B1A 83C4 0C          add esp, 0C

What I can't figure out now is where the jump for the wrong-password case is, and also where the script gets opened correctly.
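As an added example (not code from this thread or from the program it discusses), the following contrasts the gate pattern visible in the listing above, where call 004495D0 returns a code and the cmp eax, 3 / jnz afterwards decides whether the script is shown, with a design in which the password is turned into the key that protects the script. In the gate design the plaintext script is present whether or not the check runs; in the key design a wrong password produces a wrong key, so skipping the check only yields unreadable bytes. The sample password and script, the function names, and the HMAC-based keystream are my own constructions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample data for the demonstration (not taken from the program in the thread).
PASSWORD = "correct horse"
SCRIPT = b"say hello\nwalk north\n"
STORED_HASH = hashlib.sha256(PASSWORD.encode()).digest()

def gate_open_script(password: str, script: bytes, patched: bool = False) -> Tuple[int, Optional[bytes]]:
    """Gate pattern: verify, then branch. Returns (code, script); code 3 = wrong password.
    'patched' models the conditional jump after the check no longer being taken."""
    ok = hmac.compare_digest(hashlib.sha256(password.encode()).digest(), STORED_HASH)
    if not ok and not patched:
        return 3, None
    return 1, script  # the plaintext script is available whether or not the check ran

def _keystream(key: bytes, n: int) -> bytes:
    # Illustrative HMAC-SHA256 counter keystream (standard library only); real code would use AES-GCM.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def _keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, 64)
    return k[:32], k[32:]  # encryption key, MAC key

def seal_script(password: str, script: bytes) -> bytes:
    """Key pattern: the password is the material that protects the script, not a flag."""
    salt = os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(script, _keystream(enc_key, len(script))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct

def open_sealed_script(password: str, blob: bytes) -> Tuple[int, Optional[bytes]]:
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _keys(password, salt)
    if not hmac.compare_digest(hmac.new(mac_key, salt + ct, hashlib.sha256).digest(), tag):
        return 3, None  # wrong password -> wrong key -> MAC mismatch
    return 1, bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))

def open_sealed_unchecked(password: str, blob: bytes) -> bytes:
    # What skipping the MAC branch gives with a wrong password: decryption under the wrong key.
    salt, ct = blob[:16], blob[48:]
    enc_key, _ = _keys(password, salt)
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))
```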
[Help] A question about an MFC program
I forgot to post the software's address just now; it's added now. Please help me look into it.